2 * Copyright (C) 2016 Roland Haeder
4 * This program is free software: you can redistribute it and/or modify
5 * it under the terms of the GNU Affero General Public License as
6 * published by the Free Software Foundation, either version 3 of the
7 * License, or (at your option) any later version.
9 * This program is distributed in the hope that it will be useful,
10 * but WITHOUT ANY WARRANTY; without even the implied warranty of
11 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 * GNU Affero General Public License for more details.
14 * You should have received a copy of the GNU Affero General Public License
15 * along with this program. If not, see <http://www.gnu.org/licenses/>.
17 package org.mxchange.jusercore.model.login;
19 import de.chotime.jratecalc.database.BaseRateCalcDatabaseBean;
20 import java.text.MessageFormat;
22 import javax.ejb.Stateless;
23 import org.mxchange.jusercore.container.login.LoginContainer;
24 import org.mxchange.jusercore.exceptions.UserNotFoundException;
25 import org.mxchange.jusercore.exceptions.UserPasswordMismatchException;
26 import org.mxchange.jusercore.exceptions.UserStatusLockedException;
27 import org.mxchange.jusercore.exceptions.UserStatusUnconfirmedException;
28 import org.mxchange.jusercore.model.register.UserRegistrationSessionBeanRemote;
29 import org.mxchange.jusercore.model.user.User;
30 import org.mxchange.jusercore.model.user.UserSessionBeanRemote;
31 import org.mxchange.jusercore.model.user.UserUtils;
32 import org.mxchange.jusercore.model.user.status.UserAccountStatus;
33 import org.mxchange.pizzaaplication.database.BasePizzaDatabaseBean;
36 * A session EJB for user logins
38 * @author Roland Haeder<roland@mxchange.org>
40 @Stateless (name = "login", description = "A bean handling the user login")
41 public class PizzaUserLoginSessionBean extends BasePizzaDatabaseBean implements UserLoginSessionBeanRemote {
46 private static final long serialVersionUID = 21_785_978_127_581_965L;
52 private UserRegistrationSessionBeanRemote registerBean;
58 private UserSessionBeanRemote userBean;
61 public User validateUserAccountStatus (final LoginContainer container) throws UserNotFoundException, UserStatusLockedException, UserStatusUnconfirmedException, UserPasswordMismatchException {
63 this.getLoggerBeanLocal().logTrace(MessageFormat.format("loginUser: container={0} - CALLED!", container)); //NOI18N
66 assert(this.userBean instanceof UserSessionBeanRemote) : "this.userBean is not set"; //NOI18N
67 assert(this.registerBean instanceof UserRegistrationSessionBeanRemote) : "this.registerBean is not set"; //NOI18N
69 // user should not be null
70 if (null == container) {
72 throw new NullPointerException("container is null"); //NOI18N
73 } else if (container.getUser() == null) {
75 throw new NullPointerException("container.user is null"); //NOI18N
76 } else if (container.getUserPassword() == null) {
78 throw new NullPointerException("container.userPassword is null"); //NOI18N
79 } else if (container.getUserPassword().isEmpty()) {
80 // Empty password is not allowed, hardcoded.
81 throw new IllegalArgumentException("container.userPassword is empty"); //NOI18N
84 // Is the account there?
85 if (!this.registerBean.isUserNameRegistered(container.getUser())) {
87 throw new UserNotFoundException(container.getUser());
90 // Get user instance from persistance
91 User updatedUser = this.userBean.fillUserData(container.getUser());
94 this.getLoggerBeanLocal().logDebug(MessageFormat.format("loginUser: updatedUser={0}", updatedUser)); //NOI18N
96 // Is the user account unconfirmed?
97 if (updatedUser.getUserAccountStatus().equals(UserAccountStatus.UNCONFIRMED)) {
99 throw new UserStatusUnconfirmedException(container.getUser());
100 } else if (updatedUser.getUserAccountStatus().equals(UserAccountStatus.LOCKED)) {
102 throw new UserStatusLockedException(container.getUser());
103 } else if (!this.isPasswordMatching(container, updatedUser)) {
104 // Not matcing passwords
105 throw new UserPasswordMismatchException(container.getUser());
109 this.getLoggerBeanLocal().logTrace(MessageFormat.format("loginUser: updatedUser={0} - EXIT!", updatedUser)); //NOI18N
116 * Checks if password matches of both instances. Both user instances must
117 * not match, the first one is the one from the calling bean/controller, the
118 * second is the from database.
120 * @param container Container instance holding the user instance and
121 * unencrypted password
122 * @param updatedUser User instance found for given user name
124 * @return Whether the password matches
126 private boolean isPasswordMatching (final LoginContainer container, final User updatedUser) {
127 // First math both instances
128 if (null == container) {
130 throw new NullPointerException("container is null"); //NOI18N
131 } else if (null == updatedUser) {
133 throw new NullPointerException("updatedUser is null"); //NOI18N
134 } else if (container.getUser().equals(updatedUser)) {
135 // Both same instance!
136 throw new IllegalArgumentException(MessageFormat.format("container.user matches updatedUser: {0}", container.getUser())); //NOI18N
139 // Is it the same same password?
140 return UserUtils.ifPasswordMatches(container, updatedUser);